Tuesday, October 2, 2012

VMware ESXi with software bridges

To bridge physical networks using a firewall distro (e.g. Zeroshell, pfSense) on a VMware ESX host, the "Promiscuous" property on the virtual switch must be set to "Accept".

It appears that when "Promiscuous" mode is not enabled, VMware ESX only accepts packets destined to the MACs of the VMware guest NICs. When a bridge is created, a new MAC is assigned in software, but VMware is not aware of this MAC.
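The filtering described above can be sketched as a small model. This is an added example, not VMware code or code from the original post: the `VSwitch` class, the NIC names and all MAC addresses are constructed for illustration, and the model assumes the virtual switch does no MAC learning and ignores multicast and VLANs.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class VNic:
    name: str
    mac: str  # MAC the hypervisor assigned to this guest NIC


class VSwitch:
    """Simplified model: no MAC learning, only the vNIC MACs the host assigned."""

    def __init__(self, promiscuous: bool):
        self.promiscuous = promiscuous  # True = "Accept", False = "Reject"
        self.ports = []

    def attach(self, nic: VNic) -> None:
        self.ports.append(nic)

    def receivers(self, dst_mac: str) -> list:
        """Names of guest NICs that are handed a frame arriving from the uplink."""
        dst = dst_mac.lower()
        return [nic.name for nic in self.ports
                if self.promiscuous or dst in (BROADCAST, nic.mac.lower())]


# Constructed sample addresses (not taken from the post).
FIREWALL_NIC = VNic("firewall-eth0", "00:0c:29:aa:bb:01")
OTHER_GUEST = VNic("other-vm-eth0", "00:0c:29:aa:bb:02")
DESTINATIONS = {
    "guest NIC MAC": FIREWALL_NIC.mac,
    "bridge MAC created in the guest": "02:00:00:00:00:10",
    "host behind the bridge": "02:00:00:00:00:30",
    "broadcast": BROADCAST,
}


def frames_reaching_bridge(promiscuous: bool) -> dict:
    """For each destination, report which guest NICs receive the frame."""
    vswitch = VSwitch(promiscuous)
    vswitch.attach(FIREWALL_NIC)
    vswitch.attach(OTHER_GUEST)
    return {label: vswitch.receivers(mac) for label, mac in DESTINATIONS.items()}


if __name__ == "__main__":
    for mode in (False, True):
        print("Promiscuous =", "Accept" if mode else "Reject")
        for label, nics in frames_reaching_bridge(mode).items():
            print(f"  {label:34} -> {nics or 'dropped'}")
```

In the "Accept" case the model hands every frame to every guest NIC on the switch, not only to the firewall guest, which is worth keeping in mind when deciding which other guests share that virtual switch.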